It was discovered that the Designate component in OpenStack would enter an infinite loop when processing an internal zone file transfer if a managed DNS zone included a resource record set whose size exceeded the limitations of the DNS protocol, leading to a denial of service. Only authenticated users with access to the Designate component can add such resource record sets. Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Public via: http://seclists.org/oss-sec/2015/q3/226
Upstream bug: https://bugs.launchpad.net/designate/+bug/1471161 External References: http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
Created openstack-designate tracking bugs for this issue: Affects: openstack-rdo [bug 1247952]